Message-ID: <02a101c49b54$e6ced7d0$1500a8c0@Cougar>
From: "Sander Striker"
Subject: [ANNOUNCE] Apache HTTP Server 2.0.51 Released
Date: Wed, 15 Sep 2004 20:50:41 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.0.51 of the Apache HTTP
Server ("Apache").

This Announcement notes the significant changes in 2.0.51 as compared
to 2.0.50.

This version of Apache is principally a bug fix release. Of particular
note is that 2.0.51 addresses five security vulnerabilities:

   An input validation issue in IPv6 literal address parsing which
   can result in a negative length parameter being passed to memcpy.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786]

   A buffer overflow in configuration file parsing could allow a
   local user to gain the privileges of a httpd child if the server
   can be forced to parse a carefully crafted .htaccess file.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747]

   A segfault in mod_ssl which can be triggered by a malicious
   remote server, if proxying to SSL servers has been configured.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751]

   A potential infinite loop in mod_ssl which could be triggered
   given particular timing of a connection abort.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748]

   A segfault in mod_dav_fs which can be remotely triggered by an
   indirect lock refresh request.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809]

The Apache HTTP Server Project would like to thank Codenomicon for
supplying copies of their "HTTP Test Tool" used to discover
CAN-2004-0786, and to SITIC for reporting the discovery of
CAN-2004-0747.

This release is compatible with modules compiled for 2.0.42 and later
versions. We consider this release to be the best version of Apache
available and encourage users of all prior versions to upgrade.

Apache HTTP Server 2.0.51 is available for download from

   http://httpd.apache.org/download.cgi?update=200409150645

Please see the CHANGES_2.0 file, linked from the above page, for a
full list of changes.

Apache 2.0 offers numerous enhancements, improvements, and performance
boosts over the 1.3 codebase.
For an overview of new features introduced after 1.3 please see

   http://httpd.apache.org/docs-2.0/new_features_2_0.html

When upgrading or installing this version of Apache, please keep
in mind the following:

If you intend to use Apache with one of the threaded MPMs, you must
ensure that the modules (and the libraries they depend on) that you
will be using are thread-safe. Please contact the vendors of these
modules to obtain this information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBSIdJZjW2wN6IXdMRAqbGAJsFz8XbVkQvpmreh8sHE3DeACXUKwCeJkpF
gxDK5D1j00qUCzksg872i1c=
=ghiQ
-----END PGP SIGNATURE-----